First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

Privacy Compliance and Management

“Swipe card” records inadmissible to prove time theft

An employee was terminated for time theft because his time cards did not align with the ‘swipe card’ records showing when he entered and exited the building. But did the employer collect the data in accordance with privacy laws?

 

, , , , ,

Estonian blockchain-based ID card security flaw raises issues about identity

On August 30, 2017, an international team of security researchers notified the Estonian government of a security vulnerability affecting the digital use of Estonian ID cards issued to around half of the Estonian population. Affecting 750,000 ID cards issued to a population of 1.3 million, the Estonian Information System Authority (RIA) has taken measures to restrict some of the ID card’s security features until a permanent solution is found.

 

, , , , ,

Employee misconduct and social media

As technology continues to blur the line between personal and professional life, employers increasingly find themselves dealing with the impact of social media on the employment relationship.

 

, , ,

Expectation of privacy and electronic messaging: The Supreme Court of Canada to dot the “i’s”

It is best to remain abreast of developments in this matter, in order to clearly identify and be up-to-date on any guidelines concerning the disclosure of the content of messages between individuals in a judicial context.

 

, , , , , , ,

What HR needs to know about investigating an employee’s digital activity

You’ve been asked to review the digital activity of an employee. Your company has some concerns, and wants you to investigate. With the amount of enterprise-level technology and controls that most companies now have, shouldn’t that be fairly straightforward?

 

, , , ,

Privacy Commissioner’s report on public perception of companies’ privacy practices holds lessons for business

The Office of the Privacy Commissioner of Canada (“OPC”) recently released a preliminary report outlining the results of a series of focus groups conducted with Canadians about privacy and the protection of personal information.

 

, , , ,

Government of Canada publishes proposed Breach of Security Safeguards Regulations

On September 2, 2017, the Government of Canada published proposed Breach of Security Safeguards Regulations. The proposed regulations relate to the provisions in Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”), which are not yet in force.

 

, , ,

Department of Finance releases consultation paper on new retail payments oversight framework

On July 7, 2017, the Department of Finance issued the consultation paper “A New Retail Payments Oversight Framework” (the “Consultation Paper”) proposing a federal oversight framework for retail payments. Comments on the Consultation Paper are due October 6, 2017.

 

, , , , ,

Searches of electronic devices at the Canada/US border

The possibility of arbitrary searches of the electronic devices of persons crossing into the US continues to raise concerns among Canadians and, in particular, privacy regulators. Recent statements (and subsequent legislative amendments) are attempting to address some of the legal issues.

 

, , , , , , , ,

The global reach of Canadian privacy law: Federal court issues landmark ruling in Globe24h

With the global reach of the internet and ease with which information may now be disseminated, this decision therefore may provide corporations and individuals with an effective avenue to pursue foreign-based entities and enforce their rights with respect to disputes involving illegal, defamatory or malicious online activity originating abroad.

 

, , , , , , , , , , , , , , , , , , , , , , , ,

The future of risk management

The Institute of Risk Management has a great feature where they have asked people around the world, including a number of luminaries, about the future of risk management.

 

, , , ,

The right to be forgotten has a three-piece suit tailor-made in Canada? From Quebec to British Columbia

This article aims to situate the debate on the right to be forgotten in light of three major precedents, which apparently evolved in isolation (in different provinces, distinct jurisdictions) and yet have everything in common. Indeed, the right to be forgotten is perhaps not as bare as we have been told; we might even go so far as to say that, for the moment, it has a three-piece suit tailor-made in Canada.

 

, , , , , , , , , , , , , , , , , , , , , , , ,

Lawyers need to keep up with AI

For decades, novelists, scientists, mathematicians, futurists and science fiction enthusiasts have imagined what an automated society might look like. Artificial intelligence, or AI, is rapidly evolving, and the society we could only once imagine may be on the brink of becoming our new reality.

 

, , , , , , ,

Can marketing and compliance share a playbook?

I recently read an article in the Winter 2017 MIT Sloan Management Review, Mastering the Market Intelligence Challenge (Chari, Luce & Thukral). In this work, the authors address how “many multinationals simply import their domestic models into emerging markets.” And whilst this work is directed towards those who deal with market intelligence in emerging markets, the conclusions drawn are equally applicable to those who face compliance challenges in such frontier regions.

 

, , , , , , , , , ,

Cybersecurity in a post-Ashley Madison world

In a recent key finding, PIPEDA Report of Findings #2016-005 – Joint investigation of Ashley Madison, the Office of the Privacy Commissioner of Canada provided crucial guidance to organizations in relation to information protection and cybersecurity.

 

, , , , , , , , , ,

Previous Posts Next posts